I have a new Lenovo Thinkpad with an Intel SSD. I want to set up full disk encryption with pre-authentication boot. From reading I see there is a Guided Setup with Encryption option on the alternate CD installer. If I select this and follow the prompts, will I be all set? Are there any specific partitions or anything I need to create? Are there any special things I need to do before, during, or after installation because I'm installing on an SSD and not on an HDD?

The Thinkpad came preinstalled with Windows 7. I will be installing Natty Narwhal on the whole disk. I will not be dual-booting.

I can't put my finger on it, but I think we've had that exact same question. Anyhow, setting up an SSD for encryption is in no way different from setting up a normal HDD.
– con-f-use, Jul 20 '11 at 16:39

There are some performance considerations when using full disk encryption on an SSD. Here's an excerpt that explains the underlying issue nicely:

You write in pages (4KB) but you can only erase in blocks (128 pages
or 512KB); thus SSDs don't erase data when you delete it, only when
they run out of space to write internally. When that time comes, you
run into a nasty situation called the read-modify-write. Here, even to
just write 4KB, the controller must read an entire block (512KB),
update the single page, and write the entire block back out. Instead
of writing 4KB, the controller has to actually write 512KB - a much
slower operation.

As discussed at great length in this masterpiece on SSD performance, SSD performance drops over time as the disk fills up, as explained above. Typically, when setting up full disk encryption, the entire disk is filled with random data so as to obscure the encrypted data from the free space. This, as I understand it (and I'm certainly no expert), means that using full disk encryption one immediately goes to the worst-case performance of the drive.

So, understand that the performance hit of encryption on an SSD will be far more potent than on a regular spinning drive.

Second, because of the way data is read / written, again as above, the standard methods for securely deleting files (like the shred utility) don't apply to SSDs. If you're using full disk encryption from the beginning, no problem. But if you already have unencrypted data on the drive, you need to be careful to ensure you fully zero the drive first. I'm not sure how that is done, but I think it's discussed in the masterpiece.

Fundamentally, SSDs function in a totally different way to traditional spinning disks. The bulk of encryption software, secure deletion tools, and guidelines assume that disks are made of spinning platters. That doesn't apply to the world of SSDs.

My advice to somebody starting out with full disk encryption on an SSD would be two-fold.

First, either start with a clean drive, or carefully zero it before you begin.

Second, under-partition the drive. So partition 80%, or as little of the drive as you can get away with. The additional free space can help to maintain drive performance. It does depend on the specific drive, so you could research the details for the exact drive you have and so on, but as a general principle, it can dramatically extend the life of the drive.

Thirdly, and I realise I said two-fold, understand that full disk encryption will simply massacre SSD performance. Personally, that's a trade-off I'm willing to make for the security that full disk encryption affords me, but there are alternatives, such as an encrypted home directory in Ubuntu. That type of encryption will likely perform much better on an SSD, although it does have other issues worth considering.

Thanks for the elaborate answer. What are the "issues worth considering" while using an encrypted home directory in Ubuntu? Could you elaborate on that? Thanks.
– user124095, Jan 18 '13 at 0:50

The encrypted home directory feature is based on ecryptfs (of which the other answerer, Dustin Kirkland, is the maintainer!). Ecryptfs, in simple terms, encrypts each file individually, while full disk encryption encrypts the entire partition. There are pros and cons. For example, with an encrypted home directory, certain information is visible to an attacker, such as the number of files on the system. There used to be a good comparison table on the ecryptfs site, but it's gone. Unless you're security paranoid, it's unlikely to be important.
– chmac, Jan 19 '13 at 7:18

Note that that article is from 2009. My experience with full disk encryption on an SSD was that it was not detectably slower than running without it. Unfortunately I didn't benchmark disk performance before and after, but with an 80GB SSD, 100% used by Ubuntu, it's been fine for a few months now. I would not bother leaving spare space (more accurately, I did not do so). Copying 5-10GB to a USB3 device runs at full USB speed, as an example of something I do at least weekly.
– Ӎσᶎ, Nov 29 '13 at 13:36
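
An added example, not part of the original thread: a toy flash translation layer in Python that models the read-modify-write cost from the answer's excerpt and compares a drive filled end to end (as full disk encryption setup does) with one partitioned to 80%. The 7% factory spare area, the 64-block drive, uniform random overwrites and greedy garbage collection are assumptions of this sketch, and the unpartitioned area is assumed never to have been written.

```python
import random

PAGES_PER_BLOCK = 128  # from the excerpt: 128 pages of 4KB per 512KB erase block

def write_amplification(partitioned, factory_spare=0.07, blocks=64,
                        host_writes=50_000, seed=1):
    """Flash page writes per host page write in a toy flash translation layer.
    partitioned = share of visible capacity that is partitioned and filled;
    factory_spare, blocks, host_writes and seed are assumed values."""
    rng = random.Random(seed)
    logical = int(blocks * PAGES_PER_BLOCK * (1 - factory_spare) * partitioned)
    home = {}                               # logical page -> block with live copy
    live = [set() for _ in range(blocks)]   # live logical pages in each block
    used = [0] * blocks                     # pages programmed since last erase
    free = list(range(1, blocks))           # erased blocks ready for use
    st = {"active": 0, "writes": 0}

    def program(page):
        if used[st["active"]] == PAGES_PER_BLOCK:   # active block is full
            st["active"] = free.pop()
        if page in home:                            # previous copy goes stale
            live[home[page]].discard(page)
        home[page] = st["active"]
        live[st["active"]].add(page)
        used[st["active"]] += 1
        st["writes"] += 1

    def collect():
        # Greedy garbage collection: reclaim the full block with fewest live pages.
        victim = min((b for b in range(blocks)
                      if b != st["active"] and used[b] == PAGES_PER_BLOCK),
                     key=lambda b: len(live[b]))
        movers = list(live[victim])
        live[victim].clear()
        used[victim] = 0
        free.append(victim)
        for page in movers:     # read-modify-write: live pages are rewritten
            program(page)

    def host_write(page):
        while not free:         # keep one erased block in reserve
            collect()
        program(page)

    for page in range(logical):     # initial fill of the partitioned area
        host_write(page)
    st["writes"] = 0                # measure only the overwrite phase
    for _ in range(host_writes):
        host_write(rng.randrange(logical))
    return st["writes"] / host_writes
```

Comparing `write_amplification(1.0)` with `write_amplification(0.8)` shows how many more flash pages the fully filled drive rewrites for each page the host writes.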